Displaying 1-26 out of 26 total
Document-Based Dynamic Workflows: Towards Flexible and Stateful Services
Found in: Services Part II, IEEE Congress on
By Mohammad Ashiqur Rahaman, Yves Roudier, Andreas Schaad
Issue Date:September 2009
pp. 87-94
Task-based workflows describe a set of predefined tasks executed in a predefined sequence flow in which documents representing business objects are sent to activate tasks according to some business goal. The increasingly agile nature of business processes im...
 
Towards Secure Content Based Dissemination of XML Documents
Found in: Information Assurance and Security, International Symposium on
By Mohammad Ashiqur Rahaman, Henrik Plate, Yves Roudier, Andreas Schaad
Issue Date:August 2009
pp. 721-724
Collaborating on complex XML data structures is a non-trivial task in domains such as the public sector, healthcare or engineering. Specifically, providing scalable XML content dissemination services in a selective and secure fashion is a challenging task. ...
 
ProActive Caching: Generating Caching Heuristics for Business Process Environments
Found in: Computational Science and Engineering, IEEE International Conference on
By Mathias Kohler, Achim D. Brucker, Andreas Schaad
Issue Date:August 2009
pp. 297-304
Today's complex and multi-layered enterprise systems demand fine-grained access control mechanisms supporting dynamic security policies for large and distributed repositories. Thus, the efficient evaluation of security policies becomes an important factor ...
 
Delegation Assistance
Found in: Policies for Distributed Systems and Networks, IEEE International Workshop on
By Achim D. Brucker, Helmut Petritsch, Andreas Schaad
Issue Date:July 2009
pp. 84-91
Today's IT systems typically comprise a fine-grained access control mechanism based on complex policies. The strict enforcement of these policies, at runtime, always contains the risk of hindering people in their regular work. An efficient support for assi...
 
A Secure Comparison Technique for Tree Structured Data
Found in: Internet and Web Applications and Services, International Conference on
By Mohammad Ashiqur Rahaman, Yves Roudier, Andreas Schaad
Issue Date:May 2009
pp. 304-309
Comparing different versions of large tree structured data is a CPU and memory intensive task. State of the art techniques require the complete XML trees and their internal representations to be loaded into memory before any comparison may start. Furthermo...
 
ProActive Access Control for Business Process-Driven Environments
Found in: Computer Security Applications Conference, Annual
By Mathias Kohler, Andreas Schaad
Issue Date:December 2008
pp. 153-162
Users expect that systems react instantly. This is specifically the case for user-centric workflows in business process-driven environments. In today's enterprise systems most actions executed by a user have to be checked against the system's access contro...
 
Distributed Access Control For XML Document Centric Collaborations
Found in: Enterprise Distributed Object Computing Conference, IEEE International
By Mohammad Ashiqur Rahaman, Yves Roudier, Andreas Schaad
Issue Date:September 2008
pp. 267-276
This paper introduces a distributed and fine grained access control mechanism based on encryption for XML document centric collaborative applications. This mechanism also makes it possible to simultaneously protect the confidentiality of a document and to ...
 
Avoiding Policy-based Deadlocks in Business Processes
Found in: Availability, Reliability and Security, International Conference on
By Mathias Kohler, Andreas Schaad
Issue Date:March 2008
pp. 709-716
In the field of business process management, deadlocks describe a situation where a workflow execution is blocked and cannot be completed. We speak of policy-based deadlocks if such a situation is caused by unsatisfiable resource requirements due to securi...
 
SOAP-based Secure Conversation and Collaboration
Found in: Web Services, IEEE International Conference on
By Mohammad Ashiqur Rahaman, Andreas Schaad
Issue Date:July 2007
pp. 471-480
Web services in different trust boundaries interact with each other via SOAP messages to realize functionality in a collaborative environment. Exchanging SOAP messages for remote service invocation has gained wide acceptance among web service deve...
 
A Framework for Organisational Control Principles
Found in: Computer Security Applications Conference, Annual
By Andreas Schaad, Jonathan D. Moffett
Issue Date:December 2002
pp. 229
Organisational control principles, such as those expressed in the separation of duties, supervision, review and delegation, support the main business goals and activities of an organisation. Some of these principles have previously been described and analy...
 
Supporting Evidence-Based Compliance Evaluation for Partial Business Process Outsourcing Scenarios
Found in: Requirements Engineering and Law
By Philip L. Miseldine, Ulrich Flegel, Andreas Schaad
Issue Date:September 2008
pp. 31-34
We present the challenges facing businesses wishing to outsource processes to service providers who must maintain regulatory compliance via data access control procedures. We argue that it is not currently possible to capture the necessary agreements, an...
 
Classification Model for Access Control Constraints
Found in: Performance, Computing, and Communications Conference, 2002. 21st IEEE International
By Mathias Kohler, Christian Liesegang, Andreas Schaad
Issue Date:April 2007
pp. 410-417
Whether access is given to a protected entity is decided upon evaluation of access control constraints. Though some initial approaches to classify access control constraints can be identified in the current literature, they must be considered as too broad ...
 
DEMO: Adjustably encrypted in-memory column-store
Found in: Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security (CCS '13)
By Isabelle Hang, Martin Härterich, Mathias Kohler, Andreas Schaad, Axel Schröpfer, Florian Kerschbaum, Patrick Grofig, Walter Tighzert
Issue Date:November 2013
pp. 1325-1328
Recent databases are implemented as in-memory column-stores. Adjustable encryption offers a solution to encrypted database processing in the cloud. We show that the two technologies play well together by providing an analysis and prototype results that dem...
     
Secure benchmarking in the cloud
Found in: Proceedings of the 18th ACM symposium on Access control models and technologies (SACMAT '13)
By Andreas Schaad, Heiko Boehm
Issue Date:June 2013
pp. 197-200
Benchmarking is the comparison of one company's key performance indicators (KPI) to the statistics of the same KPIs of its peer group. A KPI is a statistical quantity measuring the performance of a business process. Privacy by means of controlling access t...
     
Visualizing security in business processes
Found in: Proceedings of the 16th ACM symposium on Access control models and technologies (SACMAT '11)
By Andreas Schaad, Ganna Monakova
Issue Date:June 2011
pp. 147-148
Defining constraints at the business process level is an often demanded feature. Our approach guides a business user in the analysis of threats to resources used in a business process, and provides the means to specify appropriate controls on the identifie...
     
Privacy-preserving social network analysis for criminal investigations
Found in: Proceedings of the 7th ACM workshop on Privacy in the electronic society (WPES '08)
By Andreas Schaad, Florian Kerschbaum
Issue Date:October 2008
pp. 53-62
Social network analysis (SNA) is now a commonly used tool in criminal investigations, but evidence gathering and analysis is often restricted by data privacy laws. We consider the case where multiple investigators want to collaborate, but do not yet have s...
     
Task-based entailment constraints for basic workflow patterns
Found in: Proceedings of the 13th ACM symposium on Access control models and technologies (SACMAT '08)
By Andreas Schaad, Christian Wolter, Christoph Meinel
Issue Date:June 2008
pp. 1-1
Access Control decisions are based on the authorisation policies defined for a system as well as observed context and behaviour when evaluating these constraints at runtime. Workflow management systems have been recognised as a primary source for defining ...
     
Towards secure SOAP message exchange in a SOA
Found in: Proceedings of the 3rd ACM workshop on Secure web services (SWS '06)
By Andreas Schaad, Maarten Rits, Mohammad Ashiqur Rahaman
Issue Date:November 2006
pp. 77-84
SOAP message exchange is one of the core services required for system integration in Service Oriented Architecture (SOA) environments. One key concern in a SOA is thus to provide Message Level Security (as opposed to point to point security). We observe th...
     
A model-checking approach to analysing organisational controls in a loan origination process
Found in: Proceedings of the eleventh ACM symposium on Access control models and technologies (SACMAT '06)
By Andreas Schaad, Karsten Sohr, Volkmar Lotz
Issue Date:June 2006
pp. 139-149
Demonstrating the safety of a system (i.e. avoiding the undesired propagation of access rights or indirect access through some other granted resource) is one of the goals of access control research, e.g. [1-4]. However, the flexibility required from enterpr...
     
Security in enterprise resource planning systems and service-oriented architectures
Found in: Proceedings of the eleventh ACM symposium on Access control models and technologies (SACMAT '06)
By Andreas Schaad
Issue Date:June 2006
pp. 69-70
A Multi-Agent System's (MAS) overall performance is tightly coupled to the system's ability to schedule, monitor, and coordinate activities. These activities must maximize each individual agent's utility to the group while minimizing the duration of the ov...
     
XacT: a bridge between resource management and access control in multi-layered applications
Found in: Proceedings of the 2005 workshop on Software engineering for secure systems - building trustworthy applications (SESS '05)
By Andreas Schaad, Benjamin De Boe, Maarten Rits
Issue Date:May 2005
pp. 105-110
In this paper we describe the eXtreme access control Tool (XacT) which provides an automated way to obtain access control information out of multi-layered applications. We believe that based on this information consistent access control policies can be spe...
     
A case study of separation of duty properties in the context of the Austrian "eLaw" process.
Found in: Proceedings of the 2005 ACM symposium on Applied computing (SAC '05)
By Andreas Schaad, Helmut Weichsel, Pascal Spadone
Issue Date:March 2005
pp. 1328-1332
Over the last few years rapid progress has been made in moving from conceptual studies, "whitepapers" and initiatives to the actual deployment of e-Government systems [13]. In this paper we present the case study of an existing e-Government system (eLaw) w...
     
An administration concept for the enterprise role-based access control model
Found in: Proceedings of the eighth ACM symposium on Access control models and technologies (SACMAT '03)
By Andreas Schaad, Axel Kern, Jonathan Moffett
Issue Date:June 2003
pp. 3-11
Using an underlying role-based model for the administration of roles has proved itself to be a successful approach. This paper sets out to describe the enterprise role-based access control model (ERBAC) in the context of SAM Jupiter, a commercial enterpris...
     
Observations on the role life-cycle in the context of enterprise security management
Found in: Proceedings of the seventh ACM symposium on Access control models and technologies (SACMAT '02)
By Andreas Schaad, Axel Kern, Jonathan Moffett, Martin Kuhlmann
Issue Date:June 2002
pp. 43-51
Roles are a powerful and policy neutral concept for facilitating distributed systems management and enforcing access control. Models which are now subject to becoming a standard have been proposed and much work on extensions to these models has been done o...
     
A lightweight approach to specification and analysis of role-based access control extensions
Found in: Proceedings of the seventh ACM symposium on Access control models and technologies (SACMAT '02)
By Andreas Schaad, Jonathan D. Moffett
Issue Date:June 2002
pp. 13-22
Role-based access control is a powerful and policy-neutral concept for enforcing access control. Many extensions have been proposed, the most significant of which are the decentralised administration of role-based systems and the enforcement of constraints...
     
The role-based access control system of a European bank: a case study and discussion
Found in: Proceedings of the sixth ACM symposium on Access control models and technologies (SACMAT '01)
By Andreas Schaad, Jeremy Jacob, Jonathan Moffett
Issue Date:May 2001
pp. 3-9
Research in the area of role-based access control has made fast progress over the last few years. However, little has been done to identify and describe existing role-based access control systems within large organisations. This paper describes the access ...
     